Tuesday, July 27, 2010

Email SPAM prevention

So we all know there are plenty of products out there that are designed to fight SPAM. Most of them use some sort of algorithm to detect "spammy" emails, or block senders by email address, domain, or IP. Many of the web-based email providers also offer basic SPAM protection with your account.

None of the methods employed by any anti-spam product, however, is perfect. They all seem to produce some amount of false positives (valid email classified as spam), they don't catch 100% of spam, and they are usually late to pick up on new attack vectors.

I have a new idea in SPAM prevention. It may not be revolutionary, it may not sound pretty, and it's surely not perfect. It is, however, simple - and may just work better than most methods out there. Why not have an email PIN - a number of your choosing that MUST be in the Subject line of any email sent to you. For example, instead of the Subject being "Hello, how are you?", it would have to be "Hello, how are you? *6738*". If that *6738* isn't there, the email is automatically put in a Junk folder, or simply deleted/bounced back to the sender. All you need to do is give your PIN to anyone you want to receive email from. Now you know that if you receive an email, the sender must know you, and either had contact with you or saw your PIN on your business card or website, etc.

Why wouldn't spammers be able to just scan your website for your email address and PIN? Simple - it would be too complicated to track down your PIN along with your email address, because you could disguise it in many ways, and place it away from your email address. It would be easy enough, however, for legitimate human customers to find it.

Nobody would ever be able to guess your PIN - there would just be too many combinations, and they'd have to send one email after another just to find out if it was correct. Afraid a spammer got your PIN? Change it.

How would websites that you register with be able to send you email? Easy - they'll put another field on their form for your email PIN. They'd then include it with any emails they send you. Now you know that email you received from some website isn't just SPAM, because you must have filled out a form on that website. (Okay realistically, sites could still sell your PIN along with your email address when they sell or rent mailing lists, but there's probably some way around this too - how about a "disposable" PIN you can use just for one website - then if some company in a different domain emails you with that PIN, it won't be recognized!)

This could be easily implemented in just about any email system. In fact you could do it right now in any system that allows some type of mail rules or filtering based on the Subject line. Just create a rule that basically says "Don't allow any mail unless it has *1234* in the Subject line", where 1234 is your PIN. The asterisks around the number are just to ensure that other numbers in the subject line aren't mistaken for the PIN. It's really optional, as of course there is no standard (yet) and this is totally customizable. Of course right now this would only work if it's a human emailing you, and you tell them they have to include *1234* in the Subject line. But if this were widely adopted, that would quickly change.
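Here is what such a Subject-line rule looks like when written out as a small filter, covering both the plain PIN described above and the "disposable" per-website PIN idea from the earlier paragraph. This is an added example and not code from the post; the PIN values, the sender addresses and the rule that a disposable PIN is bound to one sender domain are all constructed here for illustration.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Constructed configuration (an assumption for this example, not from the post):
# each PIN maps to the sender domain it was handed out to, or None for the
# general-purpose PIN that friends and business-card readers may use.
PINS = {
    "6738": None,             # general PIN, may arrive from any sender
    "90210": "shop.example",  # disposable PIN entered only on one site's signup form
}

# The post's convention: the PIN is wrapped in asterisks so that other
# numbers in the Subject are not mistaken for it.
PIN_RE = re.compile(r"\*(\d+)\*")


def sender_domain(msg):
    """Domain part of the From address, lower-cased, or '' if there is none."""
    addr = parseaddr(str(msg.get("From", "")))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def classify(raw_message, pins=PINS):
    """Apply the rule 'no recognised PIN in the Subject, no delivery'.

    Returns 'inbox' when the Subject carries a PIN that is valid for this
    sender, otherwise 'junk'. A disposable PIN only counts when the message
    comes from the domain it was issued to, so a PIN that was sold on with a
    mailing list is not recognised from anyone else.
    """
    # policy.default decodes RFC 2047 encoded words in headers for us.
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    domain = sender_domain(msg)
    for candidate in PIN_RE.findall(subject):
        if candidate not in pins:
            continue
        bound_domain = pins[candidate]
        if bound_domain is None or bound_domain == domain:
            return "inbox"
    return "junk"


# Constructed sample messages exercising the interesting cases.
SAMPLES = {
    "friend":      "From: Alice <alice@example.org>\nSubject: Hello, how are you? *6738*\n\nhi\n",
    "no_pin":      "From: Bulk Mailer <promo@example.net>\nSubject: Hello, how are you?\n\nbuy now\n",
    "shop_ok":     "From: Shop <news@shop.example>\nSubject: Your order *90210*\n\nshipped\n",
    "shop_leaked": "From: Other <deals@other.example>\nSubject: Great deals *90210*\n\nspam\n",
    "wrong_pin":   "From: x@example.com\nSubject: *1234* hello\n\nguess\n",
    "encoded":     "From: bob@example.org\nSubject: =?utf-8?q?Caf=C3=A9_=2A6738=2A?=\n\nhi\n",
}


def classify_samples():
    """Run every sample through the filter; used for the stand-alone demo."""
    return {name: classify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:12s} -> {verdict}")
```

Two points a practitioner would want to keep in mind: the From header is trivially forged, so the domain binding on a disposable PIN is only as reliable as whatever sender authentication (SPF/DKIM checks, for instance) the mail server performs before this rule runs; and because the PIN sits in the Subject, every reply, forward and quoted thread carries it along, which is exactly why the post's "afraid it leaked? change it" step matters.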

What do you think? Comments/questions? Improvements?
